Why snap set system does need sudo?


From: https://discourse.ubuntu.com/t/gnome-snap-manager-extension/18695
I have a question: why do some usual snap commands work without sudo (GS password popup appears) and why does snap set system refresh.hold=$(date --iso-8601=seconds -d "60 minutes") does only work with sudo?

Probably a mistake. We use several sources of information, user identity (root or not), user logged in, policy kit prompt. It’s possible that there’s just a bug in how those are applied to “snap set”

The polkit support has mostly been implemented on an “as needed” basis. At present, it has mostly been based on what gnome-software needed, which so far hasn’t included snap configuration.

With that said, it would be hard to provide a comprehensible message to go with the generic snap set command, so the user is aware of what access they’re granting.

With the current infrastructure, the easiest way to provide a custom polkit action ID (and message) would be to add a new API for changing the refresh policy. This wouldn’t imply changing how the policy is stored: just adding an extra way to change it.

Yeah, there are other inconsistencies in polkit too. Such as being able to install and remove snaps once you snap login, but not able to connect / disconnect interfaces without using sudo.


Note that snapd’s polkit support is orthogonal to snap login. In fact, providing macaroon auth to snapd will usually pre-empt polkit authorisation (which is tested last since it has the side effect of prompting the user).

As far as interface connection/disconnection, that is handled via POST requests to /v2/interfaces which is set up to support polkit auth with the action ID io.snapcraft.snapd.manage-interfaces. It seems to behave correctly here, so if you’re having problems I’d be interested in more details.